99b31e3235
Make all operations that related to `neofs-api-go` library be placed in `v2` packages. They parse all v2-versioned structs info `neofs-sdk-go` abstractions and pass them to the corresponding `acl`/`eacl` packages. `v2` packages are the only packages that do import `neofs-api-go` library. `eacl` and `acl` provide public functions that only accepts `sdk` structures. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
135 lines
3.4 KiB
Go
135 lines
3.4 KiB
Go
package v2
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"fmt"
|
|
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
|
sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
|
|
containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
|
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
|
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
|
sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
|
|
bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
|
|
)
|
|
|
|
// RequestInfo groups parsed version-independent (from SDK library)
|
|
// request information and raw API request.
|
|
type RequestInfo struct {
|
|
basicACL uint32
|
|
requestRole eaclSDK.Role
|
|
isInnerRing bool
|
|
operation eaclSDK.Operation // put, get, head, etc.
|
|
cnrOwner *owner.ID // container owner
|
|
|
|
idCnr *containerIDSDK.ID
|
|
|
|
oid *oidSDK.ID
|
|
|
|
senderKey []byte
|
|
|
|
bearer *bearerSDK.BearerToken // bearer token of request
|
|
|
|
srcRequest interface{}
|
|
}
|
|
|
|
func (r *RequestInfo) SetBasicACL(basicACL uint32) {
|
|
r.basicACL = basicACL
|
|
}
|
|
|
|
func (r *RequestInfo) SetRequestRole(requestRole eaclSDK.Role) {
|
|
r.requestRole = requestRole
|
|
}
|
|
|
|
func (r *RequestInfo) SetSenderKey(senderKey []byte) {
|
|
r.senderKey = senderKey
|
|
}
|
|
|
|
// Request returns raw API request.
|
|
func (r RequestInfo) Request() interface{} {
|
|
return r.srcRequest
|
|
}
|
|
|
|
// ContainerOwner returns owner if the container.
|
|
func (r RequestInfo) ContainerOwner() *owner.ID {
|
|
return r.cnrOwner
|
|
}
|
|
|
|
// ObjectID return object ID.
|
|
func (r RequestInfo) ObjectID() *oidSDK.ID {
|
|
return r.oid
|
|
}
|
|
|
|
// ContainerID return container ID.
|
|
func (r RequestInfo) ContainerID() *containerIDSDK.ID {
|
|
return r.idCnr
|
|
}
|
|
|
|
// CleanBearer forces cleaning bearer token information.
|
|
func (r *RequestInfo) CleanBearer() {
|
|
r.bearer = nil
|
|
}
|
|
|
|
// Bearer returns bearer token of the request.
|
|
func (r RequestInfo) Bearer() *bearerSDK.BearerToken {
|
|
return r.bearer
|
|
}
|
|
|
|
// IsInnerRing specifies if request was made by inner ring.
|
|
func (r RequestInfo) IsInnerRing() bool {
|
|
return r.isInnerRing
|
|
}
|
|
|
|
// BasicACL returns basic ACL of the container.
|
|
func (r RequestInfo) BasicACL() uint32 {
|
|
return r.basicACL
|
|
}
|
|
|
|
// SenderKey returns public key of the request's sender.
|
|
func (r RequestInfo) SenderKey() []byte {
|
|
return r.senderKey
|
|
}
|
|
|
|
// Operation returns request's operation.
|
|
func (r RequestInfo) Operation() eaclSDK.Operation {
|
|
return r.operation
|
|
}
|
|
|
|
// RequestRole returns request sender's role.
|
|
func (r RequestInfo) RequestRole() eaclSDK.Role {
|
|
return r.requestRole
|
|
}
|
|
|
|
// MetaWithToken groups session and bearer tokens,
|
|
// verification header and raw API request.
|
|
type MetaWithToken struct {
|
|
vheader *sessionV2.RequestVerificationHeader
|
|
token *sessionSDK.Token
|
|
bearer *bearerSDK.BearerToken
|
|
src interface{}
|
|
}
|
|
|
|
// RequestOwner returns ownerID and its public key
|
|
// according to internal meta information.
|
|
func (r MetaWithToken) RequestOwner() (*owner.ID, *keys.PublicKey, error) {
|
|
if r.vheader == nil {
|
|
return nil, nil, fmt.Errorf("%w: nil verification header", ErrMalformedRequest)
|
|
}
|
|
|
|
// if session token is presented, use it as truth source
|
|
if r.token != nil {
|
|
// verify signature of session token
|
|
return ownerFromToken(r.token)
|
|
}
|
|
|
|
// otherwise get original body signature
|
|
bodySignature := originalBodySignature(r.vheader)
|
|
if bodySignature == nil {
|
|
return nil, nil, fmt.Errorf("%w: nil at body signature", ErrMalformedRequest)
|
|
}
|
|
|
|
key := unmarshalPublicKey(bodySignature.Key())
|
|
|
|
return owner.NewIDFromPublicKey((*ecdsa.PublicKey)(key)), key, nil
|
|
}
|